Date: 2021-11-11

So much for Black Friday. The imminent arrival of consumers' most popular holiday coincides with the sad funeral of the computer system of MediaMarkt, the consumer-electronics retail giant that operates in Italy under the MediaWorld brand.

The computers of the strongest multinational company in the sector in Europe are off, and there would be little point in keeping them on, since ransomware has rendered useless the applications and data whose regular functioning drove the life cycle of sales and logistics activities.

The bandits' multi-million demand

After an initial ransom demand of 240 million euros, the criminals who wiped out MediaMarkt's nervous system felt – a bit like merchants wrestling with this season's heavily reduced prices and magical special offers – that they could settle for a payment of “only” 50 million.

If it were a football match (which Dazn would not let the “second” users affected by the contractual changes watch, and perhaps not even the “first” ones, thanks to the service's frequent malfunctions), the hackers of the Hive Ransomware Group would be at least 3 goals ahead of the bewildered MediaMarkt managers, who don’t even know where to start in bringing the company back to normal.

The cannon shot below the waterline that sank the MediaMarkt aircraft carrier was fired by a gang of cybercriminals who are by no means new to this kind of business. In September these criminals put their stunts in the spotlight by literally crucifying a long string of hospitals around the world, an operation that displayed unprecedented cynicism.

Consumers are entitled to worry

There do not seem to be worrying repercussions for customers, who – at the moment – appear to have suffered only some disruption to debit and credit card payments, to pending orders and to other matters tied to the unavailability of the automated administrative and logistics services.

If the nefarious encryption of the digital archives was also accompanied by a so-called “exfiltration” of data, then the situation is less reassuring. The pirates may be in possession of a great deal of personal information about those who bought and spent in the many shops or on the sites of this massive commercial chain. It is not difficult to imagine the consequences, for example, of an illegal “transparency” of the credit card numbers (complete with every detail) used for online purchases, where the transaction is completed simply by providing the validation code (CCV or CVV if you prefer) shown on the back of that “piece of plastic” that everyone jealously guards …

MediaMarkt is no different from many other companies

The fact that 3100 servers ended up knocked out (the total is easy to reach if we consider how widespread this chain's points of sale are) illustrates the insensitivity and unpreparedness of a management whose inability has been punished in an exemplary manner and measure. The episode – undoubtedly unfortunate if you think about the size of this business monster and the hyper-technological sector in which it operates – is nothing new to insiders.

The “good” outcome of the raid unequivocally testifies to how easy such illicit action is and, unfortunately, is only yet another blatant demonstration that even the largest and most structured organizations are not capable (often because of a deliberately ignorant choice) of contemplating such a risk and of taking all those initiatives (constant, not sporadic) essential for the survival of a company.

Executives are too busy making a career to find the time to read the newspapers and discover that for over two years the phenomenon of ransomware has plagued the corporate and institutional worlds. Anyone who talks to them about a problem that needs to be tackled systematically is wasting his time. The topic is of no interest, and if someone has to deal with it, it is certainly not the competent person who takes the liberty of reporting an urgent need.

Nothing to be surprised about

Hordes of makeshift cybersecurity consultants (heirs of those who, lacking a profession, once tried to earn a living by selling imported cars, then mobile phones and covers, then electronic cigarettes …) have put themselves forward to give suggestions and guidance on subjects that are, understandably, unknown to them. Turning to the friend of a friend, convincing because he wears an elegant blue blazer and high-quality shoes, has opened the doors wide to those on the other side who know the fragility of computer systems and the unsuitability of those at the helm.

Some might say “We are at the fruit course”. I would say that in reality we are already at the tax receipt, perhaps one not even issued. On the piece of squared paper on which the bill is written, the items charged are easy to read even if written quickly and in a family doctor’s handwriting: absence of the slightest sense of responsibility, inexperience in identifying who-must-do-what, underestimation of the importance of staff training, grave carelessness in managing the destiny of a company and its workers, substantial indifference to the protection of the personal data of customers and employees. Coffee is on the house.